之前没写过dll的程序
那就先写个简单的Hello World练练手!
//dllTest.cpp
#include <Windows.h>
#include <Psapi.h>
extern "C" int __declspec(dllexport) mb();
//声明导出函数
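// Loader entry point, called on process/thread attach and detach.
// On DLL_PROCESS_ATTACH it looks up the host's PID and main-module name
// and shows them in a message box; the other three notifications are no-ops.
//
// NOTE: DllMain runs under the loader lock. Showing UI (MessageBox) and
// calling non-kernel32 APIs such as GetModuleBaseName (Psapi, link
// psapi.lib) here is only acceptable for this demo; real code should do
// such work in an exported function or a worker thread instead.
//
// Returns TRUE so the load always succeeds (FALSE would make LoadLibrary
// fail in the host).
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(hinstDLL);
    UNREFERENCED_PARAMETER(lpReserved);

    if (fdwReason != DLL_PROCESS_ATTACH)
    {
        // DLL_THREAD_ATTACH / DLL_THREAD_DETACH / DLL_PROCESS_DETACH: nothing to do.
        return TRUE;
    }

    // TEXT() keeps the literals consistent with TCHAR in both ANSI and Unicode
    // builds; bare L"..." literals only compile when UNICODE is defined.
    TCHAR szMainModuleName[MAX_PATH];
    TCHAR szMessage[MAX_PATH + 64];
    const DWORD dwPID = GetCurrentProcessId();

    // GetModuleBaseName returns 0 on failure and the buffer contents are then
    // unspecified, so substitute a fixed placeholder instead of printing garbage.
    if (GetModuleBaseName(GetCurrentProcess(), NULL, szMainModuleName, MAX_PATH) == 0)
    {
        lstrcpyn(szMainModuleName, TEXT("<unknown>"), MAX_PATH);
    }

    // Worst case: ~22 chars of fixed text + MAX_PATH-1 name + 10-digit PID
    // fits comfortably in MAX_PATH + 64 TCHARs, so wsprintf cannot overflow here.
    wsprintf(szMessage, TEXT("process name: %s, PID: %u "), szMainModuleName, dwPID);
    MessageBox(NULL, szMessage, TEXT("msg.dll"), MB_OK);

    return TRUE;
}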
// Exported demo function: shows a "Hello World!" message box and returns 0.
// The host resolves it by name via GetProcAddress(hDll, "mb").
// The wide-string literals make the W variant of MessageBox explicit.
int mb()
{
    const int kResult = 0;
    MessageBoxW(NULL, L"Hello World!", L"我是导出函数", MB_OK);
    return kResult;
}
编译通过后在工程的Debug目录下会生成一个dllTest.dll文件
再新建一个工程, 就叫dllCall吧
建完后把上面生成的dllTest.dll复制到dllCall工程的Debug目录下
然后贴上以下代码
//dllCall.cpp
#include <stdio.h>
#include <windows.h>
// Signature of the DLL's exported `mb` function (int mb(void)); used to
// type the FARPROC returned by GetProcAddress. A type alias, not a macro.
using lpMB = int (*)();
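// Host program: loads dllTest.dll, resolves the exported `mb` function,
// calls it once and unloads the library.
//
// Returns 0 on success, 1 if the DLL could not be loaded or does not export
// `mb`; the Win32 error code is printed to stderr in either failure case.
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    // LOAD_LIBRARY_SEARCH_APPLICATION_DIR restricts the lookup to the
    // executable's own directory (where dllTest.dll is copied in this
    // tutorial) instead of the full default search order, so a same-named
    // DLL in the working directory or on PATH is not picked up by mistake.
    // Needs Windows 8 or later (or Windows 7 with the KB2533623 update).
    const HMODULE hDll = LoadLibraryExW(L"dllTest.dll", NULL, LOAD_LIBRARY_SEARCH_APPLICATION_DIR);
    if (hDll == NULL)
    {
        fprintf(stderr, "LoadLibrary failed, error %lu\n", GetLastError());
        return 1;
    }

    int rc = 0;
    // GetProcAddress returns FARPROC; reinterpret_cast names the conversion
    // to the real signature instead of a C-style cast.
    const lpMB callMB = reinterpret_cast<lpMB>(GetProcAddress(hDll, "mb"));
    if (callMB != NULL)
    {
        callMB();
    }
    else
    {
        fprintf(stderr, "GetProcAddress(\"mb\") failed, error %lu\n", GetLastError());
        rc = 1;
    }

    FreeLibrary(hDll);
    return rc;
}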
编译通过后运行会弹出两个对话框
至此一个简单的dll就完成了,接下来开始我们的远程线程注入吧!